4 changes: 4 additions & 0 deletions docs/development/test-vectors.rst
Expand Up @@ -300,6 +300,10 @@ Custom asymmetric vectors
encrypted with ``pbeWithSHA1And128BitRC4``. The password is ``password``.
* ``asymmetric/PKCS8/enc-rsa-pkcs8-pbkdf2-0iter.pem`` a PKCS8 encoded
structure with an invalid PBKDF2 iteration count (zero).
* ``asymmetric/MLDSA/mldsa44_pub.der`` and ``asymmetric/MLDSA/mldsa44_priv.der``
Member


mldsa44_priv.der appears to contain both seed and pub/priv so this is the OpenSSL "kitchen sink" format I think?

Contributor


When I decode it I see this, which only contains the seed?

The OCTET STRING has tag 0, which should mean that it's the seed variant from the ML-DSA-44-PrivateKey CHOICE:

ML-DSA-44-PrivateKey ::= CHOICE {
  seed [0] OCTET STRING (SIZE (32)),
  expandedKey OCTET STRING (SIZE (2560)),
  both SEQUENCE {
      seed OCTET STRING (SIZE (32)),
      expandedKey OCTET STRING (SIZE (2560))
      }
  }

a PKCS8 encoded key pair for ML-DSA-44 generated by OpenSSL.
* ``asymmetric/MLDSA/mldsa65_noseed_priv.der`` a PKCS8 encoded ML-DSA-65 private
Member


This appears to have serialized nothing:

SEQUENCE {
  INTEGER { 0 }
  SEQUENCE {
    # ml-dsa-65
    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
  }
  OCTET_STRING {
    SEQUENCE {}
  }
}

Contributor


I think that's intended, it's for a test for an invalid key:

def generate_mldsa65_noseed(output_dir: str) -> None:
    # ML-DSA-65 OID: 2.16.840.1.101.3.4.3.18
    # Generate an ML-DSA-65 PKCS#8 key whose inner privateKey is an
    # empty SEQUENCE (0x30 0x00) — i.e. the "both" SEQUENCE form with
    # no seed present. This exercises the InvalidKey error path in the
    # Rust parser when seed is None.

(from the script used to generate it)
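
The tag check that the two exchanges above turn on, as an added example that is not part of the thread or the project's code: it names the CHOICE arm carried in a PKCS#8 privateKey OCTET STRING and rejects the empty SEQUENCE. It assumes the `[0]` tag is IMPLICIT (encoded as `0x80`); the function names are hypothetical and the sample input is constructed.

```python
# Added example, not the project's code. Assumes [0] is IMPLICIT (tag 0x80).
SEED_LEN, EXPANDED_LEN = 32, 2560  # sizes from the ML-DSA-44-PrivateKey CHOICE


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for one DER TLV with a single-byte tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def classify_private_key(inner: bytes) -> str:
    """Name the CHOICE arm carried in the PKCS#8 privateKey OCTET STRING."""
    tag, value, end = read_tlv(inner)
    if end != len(inner):
        raise ValueError("trailing bytes after CHOICE")
    if tag == 0x80 and len(value) == SEED_LEN:      # seed [0] OCTET STRING
        return "seed"
    if tag == 0x04 and len(value) == EXPANDED_LEN:  # expandedKey OCTET STRING
        return "expandedKey"
    if tag == 0x30:                                 # both SEQUENCE { ... }
        if not value:
            raise ValueError("empty SEQUENCE: no key material")
        t1, seed, p = read_tlv(value)
        t2, expanded, p = read_tlv(value, p)
        if (t1, t2, p) == (0x04, 0x04, len(value)) and \
                (len(seed), len(expanded)) == (SEED_LEN, EXPANDED_LEN):
            return "both"
    raise ValueError(f"not a valid ML-DSA-44-PrivateKey (tag 0x{tag:02x})")


def der(tag: int, value: bytes) -> bytes:
    """Encode one DER TLV (helper for building constructed samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value


if __name__ == "__main__":
    # Constructed sample (all-zero seed), not one of the vector files.
    print(classify_private_key(der(0x80, bytes(SEED_LEN))))
```

The bytes `30 00`, the inner value shown for the noseed vector, raise `ValueError` here instead of being classified.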

key serialized without the seed.

Key exchange
~~~~~~~~~~~~
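
Review bot: The ``asymmetric/MLDSA/mldsa65_noseed_priv.der`` entry describes the file as a "private key serialized without the seed", which reads like a valid expandedKey-only key, while the discussion above shows the inner privateKey is an empty SEQUENCE kept as a negative vector. Suggest stating the invalidity explicitly, in the style of the neighbouring entry ("with an invalid PBKDF2 iteration count (zero)"), for example "whose privateKey is an empty SEQUENCE (invalid, no seed or expanded key)". The ``mldsa44`` entry could also say which private key form the file uses (the seed-only form, per the decode above), since "a PKCS8 encoded key pair" covers two files and leaves the encoding of each unstated.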
Binary file not shown.
Binary file not shown.
Binary file not shown.